使用的Terraform版本:Terraform v0.12.13,创建Transit网关
尝试使用以下terraform脚本创建运输网关。我被困在aws_ec2_transit_gateway_route_table_propagation资源部分中,我想在每个资源中向每个transit_gateway_route_table_id添加多个以上的transit_gateway_attachment_id。
这是我要实现的目标。 VPC1可以与VPC2、3、4、5通话,反之亦然。 VPC2可以与VPC2,5通话,反之亦然。 VPC3可以与VPC1,4,5对话,反之亦然。 。 。 例如:与附件2(VPC2)关联的tgw_route_table(tgw_rt2)应该仅具有附件ID 2和5(VPC2和5)的传播。 等。
使用上述代码,只需添加一个附件即可。我尝试使用“ for”循环,但没有运气,请提出任何更好的方法来实现这一目标。
resource "aws_ec2_transit_gateway" "aws_tgw" {
default_route_table_association = "disable"
default_route_table_propagation = "disable"
tags = {
Name = "TGW"
Env = "Prod"
}
}
resource "aws_ec2_transit_gateway_vpc_attachment" "attach_tgw_vpc" {
count = "${var.no_of_vpc}"
subnet_ids = ["${element( aws_subnet.example.*.id, count.index )}"]
transit_gateway_id = "${aws_ec2_transit_gateway.aws_tgw.id}"
vpc_id = "${element( aws_vpc.terraform_vpc.*.id, count.index )}"
transit_gateway_default_route_table_association = "false"
transit_gateway_default_route_table_propagation = "false"
}
resource "aws_ec2_transit_gateway_route_table" "tgw_rt" {
count = "${var.no_of_vpc}"
transit_gateway_id = "${aws_ec2_transit_gateway.aws_tgw.id}"
}
resource "aws_ec2_transit_gateway_route_table_association" "aws_rt_association" {
count = "${var.no_of_vpc}"
transit_gateway_attachment_id = "${element( aws_ec2_transit_gateway_vpc_attachment.attach_tgw_vpc.*.id, count.index )}"
transit_gateway_route_table_id = "${element( aws_ec2_transit_gateway_route_table.tgw_rt.*.id, count.index )}"
}
resource "aws_ec2_transit_gateway_route_table_propagation" "tgw_rt_propagation" {
count = "${var.no_of_vpc}"
# for_each = data.aws_ec2_transit_gateway_vpc_attachment.selected
# transit_gateway_attachment_id = each.value
transit_gateway_attachment_id = "${element( aws_ec2_transit_gateway_vpc_attachment.attach_tgw_vpc.*.id, count.index )}"
transit_gateway_route_table_id = "${element( aws_ec2_transit_gateway_route_table.tgw_rt.*.id, count.index )}"
}
答案 0 :(得分:0)
首先,如果您使用的是Terraform 12,则可能应该使用TF 12语法。在TF 11中需要对变量,函数,资源和数据源进行插值,而在TF 12中则不需要插值。
例如,
resource "aws_ec2_transit_gateway_route_table" "tgw_rt" {
count = "${var.no_of_vpc}"
transit_gateway_id = "${aws_ec2_transit_gateway.aws_tgw.id}"
}
成为:
resource "aws_ec2_transit_gateway_route_table" "tgw_rt" {
count = var.no_of_vpc
transit_gateway_id = aws_ec2_transit_gateway.aws_tgw.id
}
但这并不能回答您的问题:)但是,您的问题确实表明您可能误解了TGW路由表的目的。
TGW路由表在您的中心分支网络体系结构中充当“中心”(AWS Docs很好地解释了其常见用例)。
这样做的结果是,您只需要拥有1个TGW路由表(如果您在多账户设置中运行,则需要使用AWS RAM添加资源共享,但是您没有提到所以我不会去研究)
以下内容未经测试,如果无法使用,我明天可以在工作时给您确切的代码。
您应该只有1个TGW路由表
resource "aws_ec2_transit_gateway_route_table" "tgw_rt" {
count = var.no_of_vpc > 0 ? 1 : 0
transit_gateway_id = aws_ec2_transit_gateway.aws_tgw.id
}
还将更改此代码块
resource "aws_ec2_transit_gateway_route_table_association" "aws_rt_association" {
count = var.no_of_vpc
transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.attach_tgw_vpc.*.id[count.index]
transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.tgw_rt[0].id
}
还有这个
resource "aws_ec2_transit_gateway_route_table_propagation" "tgw_rt_propagation" {
count = var.no_of_vpc > 0 ? 1 : 0
transit_gateway_attachment_id = aws_ec2_transit_gateway_vpc_attachment.attach_tgw_vpc.*.id[count.index]
transit_gateway_route_table_id = aws_ec2_transit_gateway_route_table.tgw_rt[0].id
}
HTH